Colin Mc Hugo

Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

Hackers Spotted Using Morse Code in Phishing Attacks to Evade Detection

August 13, 2021

Microsoft has disclosed details of an evasive year-long social engineering campaign in which the operators kept changing their obfuscation and encryption mechanisms every 37 days on average, including relying on Morse code, in an attempt to cover their tracks and surreptitiously harvest user credentials.

The phishing attacks take the form of invoice-themed lures mimicking financial-related business transactions, with the emails containing an HTML file (“XLS.HTML”). The ultimate objective is to harvest usernames and passwords, which are subsequently used as an initial entry point for later infiltration attempts.

Microsoft likened the attachment to a “jigsaw puzzle,” noting that individual parts of the HTML file are designed to appear innocuous and slip past endpoint security software, only to reveal their true colors when these segments are decoded and assembled together. The company did not identify the hackers behind the operation.

“This phishing campaign exemplifies the modern email threat: sophisticated, evasive, and relentlessly evolving,” Microsoft 365 Defender Threat Intelligence Team said in an analysis. “The HTML attachment is divided into several segments, including the JavaScript files used to steal passwords, which are then encoded using various mechanisms. These attackers moved from using plaintext HTML code to employing multiple encoding techniques, including old and unusual encryption methods like Morse code, to hide these attack segments.”
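
As an added example (not from Microsoft's analysis or the original article), the following Python script shows how a mail-triage step could spot and decode Morse-encoded segments in an HTML attachment. The space-separated encoding, the hex inner layer, the eight-group threshold, and the sample attachment are all assumptions constructed for illustration.

```python
import re

# International Morse code for a-z and 0-9, listed in alphabet order.
_CODES = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. --.- "
          ".-. ... - ..- ...- .-- -..- -.-- --.. ----- .---- ..--- ...-- ....- "
          "..... -.... --... ---.. ----.").split()
MORSE = dict(zip(_CODES, "abcdefghijklmnopqrstuvwxyz0123456789"))

# A run of 8+ space-separated dot/dash groups. The threshold is an assumption
# chosen so ordinary "..." or "---" in page text is ignored.
MORSE_RUN = re.compile(r"[.-]{1,5}(?: [.-]{1,5}){7,}")

def decode_morse(run):
    """Return the decoded text, or None if any group is not valid Morse."""
    letters = [MORSE.get(group) for group in run.split(" ")]
    return None if None in letters else "".join(letters)

def unwrap_hex(text):
    """Assumed second layer: if the text is pure hex, return the bytes as text."""
    if len(text) % 2 == 0 and re.fullmatch(r"[0-9a-f]+", text):
        return bytes.fromhex(text).decode("latin-1")
    return text

def scan_attachment(html):
    """Return (offset, decoded_text) for each Morse-encoded segment found."""
    findings = []
    for match in MORSE_RUN.finditer(html):
        decoded = decode_morse(match.group())
        if decoded is not None:
            findings.append((match.start(), unwrap_hex(decoded)))
    return findings

def encode_for_sample(text):
    """Helper used only to build the constructed sample below."""
    inverse = {letter: code for code, letter in MORSE.items()}
    return " ".join(inverse[c] for c in text.encode().hex())

# Constructed sample: an attachment hiding a script tag as hex wrapped in Morse.
HIDDEN = '<script src="https://example.invalid/a.js">'
SAMPLE = ("<html><body>Invoice...<script>var s = '"
          + encode_for_sample(HIDDEN) + "';</script></body></html>")

if __name__ == "__main__":
    for offset, text in scan_attachment(SAMPLE):
        print(offset, repr(text))
```

A decoded segment that turns out to be markup or a script reference is a strong signal that the attachment is assembling content at open time and should be held for analysis.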

Opening the attachment launches a browser window that displays a fake Microsoft Office 365 credentials dialog box on top of a blurred Excel document. The dialog box shows a message urging the recipients to sign in again because their access to the Excel document has purportedly timed out. In the event the user enters the password, the user is alerted that the typed password is incorrect, while the malware stealthily harvests the information in the background.

The campaign is said to have undergone 10 iterations since its discovery in July 2020, with the adversary periodically switching up its encoding methods to mask the malicious nature of the HTML attachment and the different attack segments contained within the file.

Microsoft said it detected the use of Morse code in the attacks’ February and May 2021 waves, while later variants of the phishing kit were found to direct the victims to a legitimate Office 365 page instead of showing a fake error message once the passwords were entered.

“Email-based attacks continue to make novel attempts to bypass email security solutions,” the researchers said. “In the case of this phishing campaign, these attempts include using multilayer obfuscation and encryption mechanisms for known existing file types, such as JavaScript. Multilayer obfuscation in HTML can likewise evade browser security solutions.”
